Weak Password Policy

Description

The application implements a weak password policy. Without sufficient password complexity, it is significantly easier for an attacker to use brute-force attacks to determine passwords. The password policy should enforce complexity, including minimum length and mixed character-class requirements.

Impact

A weak password policy increases the probability that an attacker will succeed with brute-force and dictionary attacks against user accounts. An attacker who can determine a user's password can take over that user's account and potentially access sensitive data in the application.
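The policy requirements in the Description and the brute-force cost in the Impact, as an added illustration that is not part of the original finding: a server-side validator that reports every violation of a policy object, with a constructed weak policy beside a constructed hardened one, plus a rough keyspace-size estimate showing why length matters more than any single character class. The policy values, the deny list and the sample passwords are all assumptions for this example.

```python
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int          # minimum number of characters
    min_classes: int         # distinct character classes required (1..4)
    deny_list: frozenset = frozenset()  # common passwords rejected outright


# Constructed examples: the kind of policy this finding describes, and a hardened one.
WEAK_POLICY = PasswordPolicy(min_length=6, min_classes=1)
STRONG_POLICY = PasswordPolicy(
    min_length=12,
    min_classes=3,
    deny_list=frozenset({"password", "welcome1", "qwerty123"}),
)

CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def character_classes(password: str) -> set:
    """Return the names of the character classes present in the password."""
    return {name for name, rx in CHARACTER_CLASSES.items() if rx.search(password)}


def policy_violations(password: str, policy: PasswordPolicy) -> list:
    """Return a list of human-readable reasons the password fails the policy (empty if it passes)."""
    violations = []
    if len(password) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    classes = character_classes(password)
    if len(classes) < policy.min_classes:
        violations.append(f"uses {len(classes)} character class(es), policy requires {policy.min_classes}")
    if password.lower() in policy.deny_list:
        violations.append("matches a known common password")
    return violations


def is_acceptable(password: str, policy: PasswordPolicy) -> bool:
    return not policy_violations(password, policy)


def search_space_bits(length: int, alphabet_size: int) -> float:
    """log2 of the number of candidate passwords of exactly `length` characters
    drawn from `alphabet_size` symbols; a rough measure of brute-force cost."""
    return length * math.log2(alphabet_size)
```

Reporting the complete list of violations (rather than stopping at the first) lets a registration or password-change form show the user everything to fix in one round trip.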

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
